Assuring Safe Patient Health Information (PHI) in Radiology

PHI may be referred to as “personal health information” or “patient health information”, and both of these acronyms are technically true, as the information in question is personal to the patient.

PHI may be referred to as “personal health information” or “patient health information”, and both of these acronyms are technically true, as the information in question is personal to the patient. However, according to the HIPAA Privacy Rule, PHI is short for “protected health information”.  The HIPAA website says information includes: “patient names, addresses, and all information pertaining to the patients’ health and payment records.” It can also extend to financial information, SSN numbers, and even photos of patients.

Keeping this information private and secure is essential in order to avoid negative repercussions for the patient (should their personal, medical and/or financial information fall into the wrong hands) and to avoid civil and criminal penalties which could be incurred if a practice fails to comply with HIPAA Rules.

So ask yourself, “How can my practice keep PHI under wraps?” Below are several areas in which a healthcare provider can focus on in order to maintain security and stay compliant:

Keep Software/Security Updated

To maintain PHI security a radiology practice should utilize measures such as:

• Secure computer passwords (which should be kept confidential)
• Updated anti-virus software
• Regular data backups
• Use of digital signatures
• Encryption of data

In order to be sure that your practice is employing the most up-to-date methods it is important to keep abreast on current trends in healthcare information and technology.

Employee Training and Education

In this day and age, no healthcare practice, no matter how secure or cutting-edge their software is, is infallible to security breaches.  This is why keeping staff up-to-date on current standards via employee training is key to maintaining HIPAA compliance and maintaining PHI security.

It’s also advisable for a practice’s employees to be well-versed in procedures which may seem like common sense but which can be overlooked when working in a bustling healthcare practice. For example:

• Both employees and providers should be advised against leaving copies of x-rays or other documents in the copier or fax machine for longer than necessary. Also, all fax numbers and email addresses should be carefully checked prior to use to avoid sending information to the wrong entity.
• Patient information should never be discussed in public areas where it can be overheard.
• Patient files and other patient documents should not be taken out of the office.
• Computer passwords should not be shared with others or displayed anywhere.
• Computers should be locked when not in use to avoid the chance of passerby viewing confidential information.

These points should be reinforced in order to avoid a personal health information (PHI) security breach.

Patients should be able to rest easy when sharing their personal information with healthcare providers. Adherence to guidelines, attention to detail and clear communication of what is required from employees in terms of PHI security will go a long way toward maintaining patient trust and staying compliant.